HOUSE STRUGGLES OVER SECURITY BILL
House Republicans rejected language in a bill that would have shifted
oversight responsibility for cybersecurity from the Homeland Security
Department to a newly created position in the Office of Management
and Budget.
http://www.net-security.org/news.php?id=6165

SECURITY FIRMS MERGE TO FORM CYBERTRUST
"We are going to see more consolidation in this space. I don't think
many of these managed security companies are making a huge profit or
having much impact on the market. The whole area is a minefield and
requires huge investment," Bernie Dodwell, business development
director at distributor Wick Hill, said.
http://www.net-security.org/news.php?id=6176

UK POLICEMAN ARRESTED OVER PHONE TAP CLAIMS
Six men - including a serving Metropolitan Police officer - have been
arrested concerning the alleged illegal interception of private phone
calls.
http://www.net-security.org/news.php?id=6178

VENDORS STRUGGLE TO COPE WITH WLAN SECURITY THREATS
The market for wireless local area network (WLAN) security
technologies is growing "phenomenally", but vendors are struggling to
keep up with the fast-moving nature of WLAN security threats, industry
experts have warned.
http://www.net-security.org/news.php?id=6179

SYSADMIN TO SYSADMIN: FIVE FLAGS YOU COMPLETELY FORGOT ABOUT
Administrators are creatures of habit. So much so that we often read
things and think, "hey, that's really cool," and then we completely
forget about them, even though they might, in some instances, be
useful on a regular basis.
http://www.net-security.org/news.php?id=6185

LARGE SCALE IM VIRUS ATTACK FEARED
Security researchers are seeing the first signs of a large-scale
virus attack taking advantage of a known flaw in the way JPEG images
are processed in Microsoft Windows products.
http://www.net-security.org/news.php?id=6187

SO MANY VIRUSES, SO LITTLE TIME
Those who design new ways of launching attacks on computers are
shortening the development cycle for new exploits, worrying companies
and systems manufacturers.
http://www.net-security.org/news.php?id=6190

ID RULE EXISTS, BUT CAN'T BE SEEN
Justice Department lawyers say there is indeed a rule requiring
passengers to show ID at the airport before boarding a plane, but
they say the exact wording of the rule can't be read by the public
and can't be challenged.
http://www.net-security.org/news.php?id=6195

TEN STEPS TO E-MAIL SECURITY
Organizations would be wise to establish clearly defined security and
e-mail policies. More than 137,000 computer security incidents were
reported in 2003, nearly double the figure from 2002, according to
the Carnegie Mellon's Computer Emergency Response Team.
http://www.net-security.org/news.php?id=6202

Madrid, October 5 2004 - The Mozilla Foundation has released an update for
the Firefox browser to fix a serious security problem.

The corrected vulnerability could allow an attacker to delete files from the
download directory of the affected computer. User interaction is needed to
exploit this security problem. Although there are still no known cases of
attacks exploiting this problem, the Mozilla Foundation advises users to
install the update as a precaution.

The latest version of Firefox that corrects the vulnerability is version
0.10.1. Users can check the version of their browser through the options
'Help' - 'About Mozilla Firefox'.

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

Microsoft's licensing policies and legal restrictions that
forbid schools from distributing software patches to many
students are leaving IT executives at universities with
potentially thousands of unmanaged desktops that pose a serious
security risk.
http://www.nwfusion.com/news/2004/100404highered.html?nl

Future Windows component could spur old-school viruses, 10/04/04

A planned component for Microsoft's next version of Windows is
causing consternation among anti-virus experts, who say that the
new module, a scripting platform called Microsoft Shell, could
give birth to a whole new generation of viruses and remotely
exploitable attacks.
http://www.nwfusion.com/news/2004/1004futurwindo.html?nl

Arbitrary Code-Execution Vulnerability in RealPlayer
eEye Digital Security discovered that a vulnerability in RealPlayer
could let a remote attacker reliably overwrite heap memory with
arbitrary data and execute arbitrary code within the user security
context. This specific flaw exists within the pnen3260.dll file that
RealPlayer uses. By specially crafting a malformed .rm movie file
along with a Synchronized Multimedia Integration Language (SMIL) file,
a direct heap overwrite is triggered and reliable code execution is
then possible. RealNetworks has released a patch for this
vulnerability, which is also available via the Updates section of the
affected application.
http://www.windowsitpro.com/article/articleid/44143/44143.html_________________RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

Madrid, October 8, 2004 - Microsoft is studying a security problem in
ASP.NET that could allow an attacker to access protected web content,
without needing authentication.

Initial data released by Microsoft reveals that the vulnerability would
affect all versions of ASP.NET, regardless of the version of Internet
Information Server (IIS) installed or the version of the IIS components.

Until it has finished investigating the problem and the update that
definitively resolves the problem is available, Microsoft has published an
HTTP module, and reported the action that could be carried out until then.
The company strongly advises all Web content owners and administrators who
are running any version of ASP.NET to implement certain preventive measures,
which are available at:
http://www.microsoft.com/security/incident/aspnet.mspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL._________________RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd